123 lines
3.6 KiB
Text
123 lines
3.6 KiB
Text
server {
|
|
listen 0.0.0.0:80 default;
|
|
listen [2a01:4f8:151:51a3:176:9:184:3]:80 default;
|
|
server_name www.kraut.space;
|
|
|
|
access_log /var/log/nginx/www.krautspace.de_access.log ano;
|
|
error_log /var/log/nginx/www.krautspace.de_error.log;
|
|
|
|
# weiterleiten
|
|
rewrite ^ https://$host$request_uri? permanent;
|
|
}
|
|
|
|
server {
|
|
listen 0.0.0.0:443 ssl default;
|
|
listen [2a01:4f8:151:51a3:176:9:184:3]:443 ssl default;
|
|
ssl_certificate /etc/ssl/private/star.kraut.space.combined.crt;
|
|
ssl_certificate_key /etc/ssl/private/star.kraut.space.key;
|
|
server_name kraut.space www.kraut.space;
|
|
|
|
access_log /var/log/nginx/kraut.space_access.log ano;
|
|
error_log /var/log/nginx/kraut.space_error.log;
|
|
|
|
add_header Public-Key-Pins 'pin-sha256="h1eF+0TRBTfD0ksblNkZnC3XQ8/w1tKDotkBiZcyThc="; pin-sha256="2r/gJIym/afOi0tM9pcbibG1b0uixXHzwInOT+KVKPE="; pin-sha256="LUZ6gnGnIWtu/uXeQMfEEBlP8J6azBxFhPct2qpGYYk="; max-age=1209600; includeSubDomains';
|
|
|
|
add_header Strict-Transport-Security max-age=15768000; # six months
|
|
|
|
if ($host = www.kraut.space) {
|
|
return 301 https://kraut.space$request_uri;
|
|
}
|
|
|
|
root /var/www/wiki.hackspace-jena.de;
|
|
|
|
# falls es mal (global) an sein sollte
|
|
autoindex off;
|
|
index doku.php;
|
|
client_max_body_size 15M;
|
|
client_body_buffer_size 128k;
|
|
|
|
location ^~ /.well-known/ { allow all; }
|
|
location = /robots.txt { log_not_found off; }
|
|
location = /favicon.ico { log_not_found off; }
|
|
location ~ /\. { deny all; }
|
|
location ~ ~$ { deny all; }
|
|
|
|
# versuche Datei zu finden, leite sonst an @dw weiter
|
|
location / {
|
|
try_files $uri $uri/ @dw;
|
|
}
|
|
|
|
# setze Header
|
|
location ~ ^/lib/.*\.(gif|png|ico|jpg|svg|ttf)$ {
|
|
expires 30d;
|
|
}
|
|
|
|
# versuche was passendes für die anfrage zu finden
|
|
location @dw {
|
|
rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
|
|
rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
|
|
rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
|
|
rewrite ^/(.*) /doku.php?id=$1 last;
|
|
}
|
|
|
|
# führe PHP-Script aus
|
|
location ~ \.php$ {
|
|
include fastcgi_params;
|
|
fastcgi_buffers 16 16k;
|
|
fastcgi_buffer_size 32k;
|
|
fastcgi_param SCRIPT_FILENAME $request_filename;
|
|
fastcgi_param HTTPS $php_https; # DW checks $_SERVER['HTTPS']
|
|
fastcgi_intercept_errors on;
|
|
fastcgi_pass unix:/var/run/php5-fpm.sock;
|
|
# entferne Header "X-Powered-By: PHP/5.4.40-1~dotdeb+wheezy.1"
|
|
fastcgi_hide_header "X-Powered-By";
|
|
}
|
|
|
|
# das ist mit absicht hier hinten!
|
|
# soll erst nach dokuwiki verarbeitung überprüft werden, nicht das einige Artikel nicht zu öffnen sind
|
|
location ~ /(data|conf|bin|inc)/ { deny all; }
|
|
|
|
### XMPP
|
|
# forward http-bind requests to the prosody instance
|
|
location /http-bind {
|
|
proxy_pass http://localhost:5280/http-bind;
|
|
proxy_buffering off;
|
|
tcp_nodelay on;
|
|
# add_header Access-Control-Allow-Origin *;
|
|
proxy_set_header Host anon.krautspace.de;
|
|
}
|
|
|
|
# forward xmpp registrations to prosody
|
|
location /xmpp/ {
|
|
index index.php;
|
|
# Idee für schönere umsetzung
|
|
# expires 7d;
|
|
# try_file $uri $uri/ /xmpp/index.php;
|
|
if (-f $request_filename) {
|
|
expires 7d;
|
|
break;
|
|
}
|
|
rewrite ^/xmpp/(.*) /xmpp/index.php last;
|
|
}
|
|
|
|
### CHAT
|
|
# setze Header
|
|
location ~* ^/chat/*.\.(js|css|json|map|gif|png|swf|mp3)$ {
|
|
expires 7d;
|
|
}
|
|
# sonstige anfragen an /chat/, versuche datei zu finden
|
|
location /chat/ {
|
|
# forward /chat/ to /chat/index.html as per request of qbi
|
|
index index.html;
|
|
try_files $uri $uri/ =404;
|
|
}
|
|
|
|
location ~* ^/chat2/*.\.(js|css|json|map|gif|png|swf|mp3)$ {
|
|
expires 7d;
|
|
}
|
|
|
|
location /chat2/ {
|
|
index index.html;
|
|
try_files $uri $uri/ =404;
|
|
}
|
|
}
|